# Copyright 2023 Flant JSC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Trivy DB Download
on:
  schedule:
  - cron: '0 */6 * * *'
  workflow_dispatch:

# Always run a single job at a time.
# Note: Concurrency is currently in beta and subject to change.
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency
concurrency:
  group: trivy-db-download

jobs:
  download-and-repush-images:
    name: Download and repush images
    runs-on: [self-hosted]
    steps:
{!{ tmpl.Exec "login_rw_registry_step" . | strings.Indent 6 }!}
{!{ tmpl.Exec "login_dev_registry_step" . | strings.Indent 6 }!}
      - name: Download custom trivy-db binary and copy image
        run: |
          rm -rf ./trivy-db && git clone --depth 1 --branch flant-latest ${{secrets.SOURCE_REPO}}/aquasecurity/trivy-db.git && cd trivy-db 
          ./update.sh ${{secrets.DECKHOUSE_REGISTRY_HOST}}/deckhouse/ee/security/trivy-db:2 >/dev/null 2>&1
          ./update.sh ${{secrets.DECKHOUSE_REGISTRY_HOST}}/deckhouse/fe/security/trivy-db:2 >/dev/null 2>&1
          ./update.sh ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}/sys/deckhouse-oss/security/trivy-db:2 >/dev/null 2>&1
          ./update-vulnerability-references.sh ${{secrets.DECKHOUSE_REGISTRY_HOST}}/deckhouse/ee/security/trivy-bdu:1 >/dev/null 2>&1
          ./update-vulnerability-references.sh ${{secrets.DECKHOUSE_REGISTRY_HOST}}/deckhouse/fe/security/trivy-bdu:1 >/dev/null 2>&1
          ./update-vulnerability-references.sh ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}/sys/deckhouse-oss/security/trivy-bdu:1 >/dev/null 2>&1
          ./oras cp ghcr.io/aquasecurity/trivy-java-db:1 ${{secrets.DECKHOUSE_REGISTRY_HOST}}/deckhouse/ee/security/trivy-java-db:1
          ./oras cp ghcr.io/aquasecurity/trivy-java-db:1 ${{secrets.DECKHOUSE_REGISTRY_HOST}}/deckhouse/fe/security/trivy-java-db:1
          ./oras cp ghcr.io/aquasecurity/trivy-java-db:1 ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}/sys/deckhouse-oss/security/trivy-java-db:1
